Accountability, Antivirus, Encryption and Information Security

Akira ransomware received $42M in ransom payments from over 250 victims

Security Affairs

APRIL 21, 2024

The Akira ransomware operators implement a double extortion model by exfiltrating victims’ data before encrypting it. Earlier versions of the ransomware were written in C++ and the malware added the.akira extension to the encrypted files. In some attacks, threat actors created an administrative account named itadm.

Ransomware

Ransomware Encryption Antivirus VPN

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Security Affairs

APRIL 29, 2023

xyz pic.twitter.com/VLhISark8Y — Goldwave (@OGoldwave) March 13, 2023 The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly rotation of the C2 server. ViperSoftX also checks for active antivirus products running on the machine. c2 arrowlchat[.]com

Encryption

Encryption Malware Cryptocurrency Software

Cactus ransomware gang claims the Schneider Electric hack

Security Affairs

JANUARY 30, 2024

Kroll researchers reported that the ransomware strain outstands for the use of encryption to protect the ransomware binary. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer, it also uses a modified variant of the open-source PSnmap Tool.

Ransomware

Ransomware Hacking Data breaches Digital transformation

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Security Affairs

FEBRUARY 19, 2024

[link] pic.twitter.com/z91nfnGYAQ — Dominic Alvieri (@AlvieriD) February 19, 2024 The Cactus ransomware operation has been active since March 2023, Kroll researchers reported that the ransomware strain is notable for the use of encryption to protect the ransomware binary.

Ransomware

Ransomware Digital transformation Retail Antivirus

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

They may use various tactics to evade antivirus and other security measures. Some info stealers may use encryption techniques to hide their communication with command-and-control servers, making it more challenging for security systems to detect malicious activities.

Banking

Banking Cybercrime Malware Accountability

Experts spotted a variant of the Agenda Ransomware written in Rust

Security Affairs

DECEMBER 19, 2022

. “The actors customized previous ransomware binaries for the intended victim through the use of confidential information such as leaked accounts and unique company IDs as the appended file extension. Upon further analysis, we have learned that these flags are used for intermittent encryption.” Pierluigi Paganini.

Ransomware

Ransomware Encryption Healthcare Education

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

JULY 8, 2022

The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the encrypted files. “Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files.

Ransomware

Ransomware Encryption Malware Accountability

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

Security Affairs

JUNE 2, 2021

There was no need for a password or login credentials to access the information, and the data was not encrypted. The leak has since been secured. Feedback message data contained Account id, feedback rating given, and users’ email addresses. What’s Happening? AMT Games is a mobile and browser game developer based in China.

Data breaches

Data breaches Accountability Mobile Phishing

The U.S. CISA and FBI warn of Royal ransomware operation

Security Affairs

MARCH 3, 2023

“FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” The Royal ransomware can either fully or partially encrypt a file depending on its size and the ‘-ep’ parameter. ” reads the alert. ” continues the alert.

Ransomware

Ransomware Healthcare Antivirus Encryption

New Agenda Ransomware appears in the threat landscape

Security Affairs

AUGUST 27, 2022

The investigation into the incident revealed that threat actor used a public-facing Citrix server as a point of entry, they likely used a valid account to access this server and perform lateral movements inside the victim’s network. The ransomware was employed in a targeted attack against one of the company’s customers.

Ransomware

Ransomware Encryption Accountability Antivirus

New CACTUS ransomware appeared in the threat landscape

Security Affairs

MAY 9, 2023

The new ransomware strain outstands for the use of encryption to protect the ransomware binary. CACTUS essentially encrypts itself, making it harder to detect and helping it evade antivirus and network monitoring tools,” Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, told Bleeping Computer.

Ransomware

Ransomware VPN Antivirus Encryption

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing the support for encrypting Linux systems, specifically VMware ESXi servers. Install and regularly update antivirus software on all hosts, and enable real time detection.

Ransomware

Ransomware DDOS Passwords Backups

FBI and CISA published a new advisory on AvosLocker ransomware

Security Affairs

OCTOBER 13, 2023

The AvosLocker ransomware-as-a-service emerged in the threat landscape in September 2021, since January the group expanded its targets by implementing support for encrypting Linux systems, specifically VMware ESXi servers. bat) scripts [T1059.003] for lateral movement, privilege escalation, and disabling antivirus software.

Ransomware

Ransomware System Administration Antivirus Malware

The Five-Step PCI DSS 4.0 Transition Checklist

CyberSecurity Insiders

JANUARY 6, 2023

First launched in 2004 and updated most recently in 2018, the PCI Data Security (PCI DSS) standard is continually updated to reflect the evolving challenges of the cyberthreat landscape. is clearly failing to protect cardholder account details effectively in today’s environment. Install and maintain network security controls.

Antivirus

Antivirus Retail Software Accountability

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

Security Affairs

MARCH 17, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database.

Education

Education Ransomware Encryption Antivirus

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Security Affairs

APRIL 7, 2021

This ransomware encrypts data from victims with AES-256 + RSA-8192 and then demands a ~ 2 BTC ransom to get the files back. At least in one case, an attack of the ransomware resulted in a temporary shutdown of the industrial process due to servers used to control the industrial process becoming encrypted.”

VPN

VPN Ransomware Antivirus Firmware

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

Security Affairs

AUGUST 6, 2022

This hashed password was not visible to any Slack clients; discovering it required actively monitoring encrypted network traffic coming from Slack’s servers.” For information on password resets at any time, please visit our Help Centre: [link] ” concludes the advisory. ” reads the advisory published by Slack.

Passwords

Passwords Password Management Antivirus Encryption

BlackByte ransomware breached at least 3 US critical infrastructure organizations

Security Affairs

FEBRUARY 14, 2022

“BlackByte is a Ransomware as a Service (RaaS) group that encrypts files on compromised Windows host systems, including physical and virtual servers.” Once gained access to the network, threat actors deployed tools to perform lateral movements and escalate privileges before exfiltrating and encrypting files.

Ransomware

Ransomware Accountability Firmware Antivirus

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

Security Affairs

MARCH 18, 2023

” By protecting the code with encryption, the latest LockBit version can avoid the detection of signature-based anti-malware solutions. ransomware include remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, abuse of valid accounts, and exploitation of public-facing applications.

Ransomware

Ransomware Penetration Testing Encryption Accountability

CERT France – Pysa ransomware is targeting local governments

Security Affairs

MARCH 19, 2020

” According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. “Brute force connection attempts on a supervisory console have been observed, as well as on several ACTIVE DIRECTORY accounts.

Government

Government Ransomware Encryption Penetration Testing

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. Cryptolocker and exploit components.

Malware

Malware Computers and Electronics Encryption Ransomware

PYSA ransomware gang is the most active group in November

Security Affairs

DECEMBER 22, 2021

According to the experts, the first infections were observed in late 2019, victims reported their files were encrypted by a strain of malware. locked to the filename of the encrypted files. Once compromised the target network, attackers attempt to exfiltrate the company’s accounts and passwords database.

Ransomware

Ransomware Penetration Testing Healthcare Government

City of Dallas shut down IT services after ransomware attack

Security Affairs

MAY 4, 2023

FBI and CISA believe this variant, which uses its own custom-made file encryption program, evolved from earlier iterations that used “Zeon” as a loader.” After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems.”

Ransomware

Ransomware Healthcare Education Encryption

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

Cookies are a precious source of intelligence about victims’ habits and could be abused to access the person’s online accounts of the victims. . The database includes 6.6 NordLocker experts speculate the malware campaign leveraged tainted Adobe Photoshop versions, pirated games, and Windows cracking tools.

Malware

Malware Computers and Electronics Software Financial Services

Navigating the complex world of Cybersecurity compliance

CyberSecurity Insiders

MAY 17, 2023

This can include measures such as firewalls , antivirus, access management and data backup policies, etc. Health Insurance Portability and Accountability Act (HIPAA) HIPAA is a U.S. law that regulates the handling of protected health information (PHI).

Cybersecurity

Cybersecurity Risk Insurance Firewall

16 Remote Access Security Best Practices to Implement

eSecurity Planet

AUGUST 22, 2023

As the internet has enabled us to access work, data, and equipment from any location, remote access security has become increasingly crucial. Strong passwords, two-factor authentication, firewalls, encryption, and monitoring systems are just a few of the tools and procedures used to maintain security.

Passwords

Passwords Authentication Encryption VPN

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. To bypass antivirus systems, hackers send out malicious emails in non-working hours with delayed activation. Links account for 29%, while attachments—for 71%. rar archive files.

Ransomware

Ransomware Antivirus Malware Banking

Topic-specific policy 4/11: information transfer

Notice Bored

OCTOBER 14, 2021

"Information transfer" is another ambiguous, potentially misleading title for a policy, even if it includes "information security". Formal provision of valuable information, for instance when a client discusses a case with a lawyer, accountant, auditor or some other professional.

Information Security

Information Security Risk Media Encryption

Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable

Security Affairs

JUNE 25, 2021

It works: one of the victims has already paid over $200,000 in Bitcoin, setting a dangerous precedent of companies giving into the demands of cyber criminals to prevent a possible data leak and damage to their reputation and loss of operations due to crippled IT services after important file encryption. You can check it. KEY: –. !!!

Antivirus

Antivirus Ransomware Backups Encryption

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called “ Information security memo ” which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

. “The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks,” continues the advisory. Implement the shortest acceptable timeframe for password changes.

Passwords

Passwords Government Firmware Accountability

API Security and Hackers: What?s the Need?

Security Affairs

MAY 30, 2020

Encryption. You and your partners can cipher all TLS (the successor to SSL) transfers, be it one-way encryption (also called standard one-way TLS) or even better, shared encryption (two-way TLS). Call Security Experts. To limit access to your accounts, use IP Whitelist and IP Blacklist where possible.

Authentication

Authentication Firewall Encryption Passwords

Microsoft: North Korea-linked Zinc APT targets security experts

Security Affairs

JANUARY 29, 2021

Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to ZINC, a DPRK-affiliated and state-sponsored group, based on observed tradecraft, infrastructure, malware patterns, and account affiliations.” Attackers also employed an encrypted Chrome password-stealer hosted on ZINC domain [link]. .

Malware

Malware Antivirus Hacking Accountability

Belarussian authorities arrested GandCrab ransomware distributor

Security Affairs

AUGUST 3, 2020

The authors of the GandCrab RaaS also offers technical support and updates to its members, they also published a video tutorial that shows how the ransomware is able to avoid antivirus detection. ransom amount, individual bots and encryption masks). reads the translation of the ad.

Ransomware

Ransomware Advertising Malware Hacking

US CISA and FBI publish joint alert on DarkSide ransomware

Security Affairs

MAY 13, 2021

According to open-source reporting, since August 2020, DarkSide actors have been targeting multiple large, high-revenue organizations, resulting in the encryption and theft of sensitive data. Set antivirus/antimalware programs to conduct regular scans of IT network assets using up-to-date signatures.

Ransomware

Ransomware Healthcare Phishing Risk

The 5 C’s of Audit Reporting

Centraleyes

MARCH 12, 2024

Controls: Objective: Evaluate the effectiveness of security controls and measures to safeguard assets and data. Audit Focus: Assess access controls to ensure only authorized personnel have access to sensitive information. Review encryption methods and protocols to protect data in transit and at rest.

Risk

Risk Cybersecurity Government Firewall

Woody RAT: A new feature-rich malware spotted in the wild

Malwarebytes

AUGUST 3, 2022

The used lure is in Russian is called " Information security memo " which provide security practices for passwords, confidential information, etc. The threat actor has left some debugging information including a pdb path from which we derived and picked a name for this new Rat: Debug Information.

Malware

Malware Encryption Antivirus Architecture

What Is Data Loss Prevention (DLP)? Definition & Best Practices

eSecurity Planet

MARCH 29, 2024

This also involves integrating it with existing cybersecurity measures such as firewalls , endpoint protection tools, monitoring solutions , and antivirus software to provide comprehensive data protection and threat mitigation capabilities. Secure your systems: Increase security by restricting system access to authorized users.

Data breaches

Data breaches Risk Accountability Education

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Security Affairs

SEPTEMBER 15, 2019

According to the experts, LOLbins are very effecting in evading antivirus software. . “This campaign also utilized Cloudflare workers (JavaScript execution environment) to download modules and payloads, negating network security measures. .” continues the researchers.

Phishing

Phishing Malware Encryption Network Security

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware. After that, the following files are extracted, namely: Avira.exe : Legitimate injector from Avira Antivirus. In the last few years, many banking trojans developed by Latin American criminals have increased in volume and sophistication.

Antivirus

Antivirus Malware Banking Internet

5 Ways to Protect Yourself from IP Address Hacking

Security Affairs

AUGUST 20, 2019

Your IP address represents your digital identity online, hacking it not only allows attackers to access your device or your accounts, but it may cause even bigger damage. But in reality, your IP address is as prone to theft as your other information. Secure Your Router.

Hacking

Hacking VPN Internet Internet

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Lots of accounts including Bezos, Elon Musk, Joe Biden, Barack Obama, Bill Gates, Mr Beast, and a ton more getting hacked for a bitcoin scheme. Graham Cluley | @gcluley.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

The Best Ransomware Protection for G Suite and Office 365: SpinOne

Spinone

JANUARY 24, 2020

Our algorithms analyze file-level behavior for any anomalies and if they recognize ransomware encryption patterns, they block the source of the attack and revoke access to the user account to stop any further encryption processes. Ransomware encrypts your files, and backup is the best way to get them back.

Ransomware

Ransomware Backups Encryption Antivirus

The stealthy email stealer in the TA505 hacker group’s arsenal

Security Affairs

MAY 16, 2019

Firstly, we noticed this secondary component was well protected against antivirus detection, in fact, the PE file was signed by Sectigo in the first half of May, one of the major Russian Certification Authority. As previously described, the malware’s principal purpose is to iterate through the filesystem looking for email accounts.

Banking

Banking Malware Surveillance Retail

Akira ransomware received $42M in ransom payments from over 250 victims

ViperSoftX uses more sophisticated encryption and anti-analysis techniques

Trending Sources

Cactus ransomware gang claims the Schneider Electric hack

Cactus ransomware gang claims the theft of 1.5TB of data from Energy management and industrial automation firm Schneider Electric

Info stealers and how to protect against them

Experts spotted a variant of the Agenda Ransomware written in Rust

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

AMT Games data breach: Millions of Users’ Messages, Account IDs, and IP Addresses Exposed

The U.S. CISA and FBI warn of Royal ransomware operation

New Agenda Ransomware appears in the threat landscape

New CACTUS ransomware appeared in the threat landscape

Avoslocker ransomware gang targets US critical infrastructure

FBI and CISA published a new advisory on AvosLocker ransomware

The Five-Step PCI DSS 4.0 Transition Checklist

FBI warns of PYSA Ransomware attacks against Education Institutions in US and UK

New Cring ransomware deployed targeting unpatched Fortinet VPN devices

Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes

BlackByte ransomware breached at least 3 US critical infrastructure organizations

US govt agencies released a joint alert on the Lockbit 3.0 ransomware

CERT France – Pysa ransomware is targeting local governments

Wannacry, the hybrid malware that brought the world to its knees

PYSA ransomware gang is the most active group in November

City of Dallas shut down IT services after ransomware attack

Mysterious custom malware used to steal 1.2TB of data from million PCs

Navigating the complex world of Cybersecurity compliance

16 Remote Access Security Best Practices to Implement

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Topic-specific policy 4/11: information transfer

Epsilon Red – our research reveals more than 3.5 thousand servers are still vulnerable

Woody RAT: A new feature-rich malware spotted in the wild

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

API Security and Hackers: What?s the Need?

Microsoft: North Korea-linked Zinc APT targets security experts

Belarussian authorities arrested GandCrab ransomware distributor

US CISA and FBI publish joint alert on DarkSide ransomware

The 5 C’s of Audit Reporting

Woody RAT: A new feature-rich malware spotted in the wild

What Is Data Loss Prevention (DLP)? Definition & Best Practices

Astaroth Trojan leverages Facebook and YouTube to avoid detection

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

5 Ways to Protect Yourself from IP Address Hacking

Top Cybersecurity Accounts to Follow on Twitter

The Best Ransomware Protection for G Suite and Office 365: SpinOne

The stealthy email stealer in the TA505 hacker group’s arsenal

Stay Connected